Вы находитесь на странице: 1из 15
Safetica Endpoint Security Features Overview
Safetica Endpoint Security Features Overview
Safetica Endpoint Security Features Overview
Safetica Endpoint Security Features Overview
Safetica Endpoint Security Features Overview

Safetica Endpoint Security Features Overview

1

Safetica Endpoint Auditor

3

1.1 Internet Usage Monitoring

3

1.1.1 Websites Access Monitoring

3

1.1.2 Detailed Websites Categorization

3

1.1.3 E-Mail Monitoring

4

1.1.4 Webmail Monitoring

4

1.1.5 General Record on IM Communication

4

1.1.6 Monitoring of Work with Files

5

1.2 Activity Monitoring

5

1.2.1 Intelligent Screen Record

5

1.2.2 Key Trapping - KeyLogger

5

1.2.3 Search Monitoring

5

1.2.4 Monitoring of Printing

5

1.3 Intelligent Employee Profiling

6

1.3.1 Monitoring of Employee Productivity

6

1.3.2 Employee Profiling

6

2 Safetica Endpoint Supervisor

6

2.1 Application Control

6

2.1.1 Application Blocking

6

2.1.2 Large Database of Applications

7

2.2 Web Control

7

2.2.1

Blocking of Websites according to Categories and Keywords

7

2.3 Print Control

7

2.3.1 Blocking Access to Printer

7

2.3.2 Blocking printing of selected documents in connection with Safetica Endpoint DLP

8

3 Safetica Endpoint DLP

8

 

3.1 Device Control

8

3.1.1 Control over USB, IrDa, Bluetooth, FireWire, serial and parallel ports

8

3.1.2 Detailed Identification of USB and Bluetooth Devices

8

3.2 Data at Rest Protection

9

3.2.1 Data at Rest Security and Disk Encryption

9

 

3.2.2 Data

Shredder

9

3.3 Data in Motion Protection

9

3.3.1 Encryption of Portable Disks

9

3.3.2 The Safest Encryption Algorithms

10

3.4 Data in Use Protection

10

3.4.1 DLP Rules

10

3.4.2 Anti-KeyLogger

10

3.4.3 Intelligent Data Classification

10

3.4.4 Control of Behavior and Access of Applications to Data

11

3.5 Endpoint Security Tools

11

3.5.1 Secure Manager of Passwords

11

3.5.2 Support of Current Archives Types

11

3.5.3 Password Generator

12

 

3.5.4 PC Lock

12

3.5.5 Security Keys

12

3.5.6 Sending of Safeguarded Data by E-Mail

12

4 Other

13

4.1 Regulatory Compliance

13

4.2 Time Efficient Security

13

4.2.1 Easy Application of Setting Templates

13

4.2.2 Automatic Warnings

13

4.2.3 Repeated Task Planner

13

4.2.4 Remote Administration of Clients‘ Stations

14

4.3 Detailed Control of Access to Administration and Supervision

14

Safetica Endpoint Security Features Overview

Your own employees damage your company every day. They pretend to be working, misuse company resources, steal and loose sensitive data. Safetica security software is the only one in the world to protect your company against all the major failures of your staff: sensitive data leaks, financial losses and damage to your company goodwill. And at the same time it shows your staff’s potentially dangerous behavior long befo- re their conduct threatens your company.

behavior long befo- re their conduct threatens your company. 1 Safetica Endpoint Auditor 1.1 Internet Usage

1 Safetica Endpoint Auditor

1.1 Internet Usage Monitoring

1.1.1 Websites Access Monitoring

Expose which websites your employees visit during work- ing hours. Safetica delivers clearly organized statistics of the most frequently visited websites and the amount of time spent browsing them to company managers. The websites are sorted according to category, number of visits and pro- ductivity rate. It does not matter which browser employees use - Safetica Endpoint Auditor can process data from them all. It can even cope with encrypted HTTPS protocol that is often used by employees to evade monitoring applications.

Endpoint Auditor productivity new job
Endpoint Auditor
productivity
new job

Key Features

Well-arranged overview of websites visited by employ- ees.

Classification of the visited websites according to cat- egory, domain and time spent browsing.

Possibility of filtering results

Clear statistics of the most frequently visited website cat- egories

Not dependent on the browser used.

It exposes and monitors network activity using HTTPS protocol.

Main Benefits

Expose employees who misuse the company network for personal matters.

Find out how much time employees really spent on ev- ery website.

Find out which employees misuse the Internet for illegal activities.

Traffic on difficult to trace HTTPS protocol won‘t escape you.

You will be immediately warned of undesirable employ- ee behavior, for example, also by e-mail.

Avoid reading boring and comprehensive records about employee activity.

boring and comprehensive records about employee activity. 1.1.2 Detailed Websites Categorization Which websites

1.1.2 Detailed Websites Categorization

Which websites visited by employees relate to their work and which don‘t? Leave their categorization on Safetica software and save your managers’ time. Safetica Endpoint Auditor delivers a wide database of websites distinctly clas- sified into categories and subcategories. The authorized manager only selects which categories are suitable for which employee and which categories should be blocked by Safetica Endpoint Auditor. So he/she does not have to, for example, select manually which websites contain online games.

3

Key Features

Wide categorized database of websites

Nearly 5M records

Regularly updated data

Possibility to add own websites

Main Benefits

The use of categories increases clearness of monitored outputs.

Speed of Safetica Endpoint Auditor installation is in- creased by automatic website categorization.

Safetica Endpoint Auditor installation requires minimum manual configuration.

Thanks to the categories, the company manager does not need to check every website manually and evaluate

its content.

1.1.3 E-Mail Monitoring

Do your employees communicate actively with competitors or do they forward dozens of chain e-mails with funny pic- tures? Expose what kind of e-mails they send during work- ing hours. If suspicious,, responsible managers can obtain detailed information about employees‘ communication, in- cluding enclosures that might contain sensitive information.

Key Features

Overviews of an employee’s sent and received e-mails

Information on files sent in attachments

Statistics on employees‘ most frequent e-mail senders and recipients.

Main Benefits

Expose employees sending chain e-mails which waste their time and that of other employees.

Expose employees‘ attempts to divulge sensitive infor- mation by means of e-mail.

Incriminate employees who deal with their personal correspondence during working hours.

Expose employees who communicate with competitors.

Obtain incriminating evidence in the case of employ-

ees‘ risky behavior.

1.1.4 Webmail Monitoring

Some employees use the web interface for undetectable e- mail communication. However, Safetica Endpoint Auditor also uncovers this form of communication. When visiting company or personal webmail, it records the content of sent e-mails. The manager responsible is then informed of the communication that the employee is trying to hide. Safetica Endpoint Auditor can also deal with secured connection via HTTPS protocol.

Key Features

It locks on content of e-mails sent via the web interface.

It also operates reliably in the case of connection via HTTPS protocol.

It works in all enhanced browsers (MS Internet Explorer, Mozilla Firefox, Google Chrome and Opera).

4

Explorer, Mozilla Firefox, Google Chrome and Opera). 4 • It is independent of webmail providers (it

It is independent of webmail providers (it operates re- liably for company webmails as well as for personal webmails).

Main Benefits

Obtain incriminating evidence in the case of employ- ees‘ risky behavior.

Expose employees sending chain e-mails which waste their time and that of other employees.

Expose employees‘ attempts to divulge sensitive infor- mation by means of webmail.

Incriminate employees who deal with their personal correspondence during working hours.

Expose employees who communicate with competitors.

Obtain incriminating evidence in the case of employ-

ees‘ risky behavior.

1.1.5 General Record on IM Communication

Your employees might amuse themselves during working hours chatting by means of Instant Messaging Clients. Ex- pose how they amuse themselves when nobody is super- vising them. Safetica Endpoint Auditor records IM Clients communication including those who make use of encrypted communication. In contrast with competitors‘ solutions, the software operates for all used communication programs. The manager responsible may obtain a more detailed idea of communication content by means of Intelligent Screen Scanning.

Key Features

General Record on IM Communication

It also records communication from IM Clients who use encrypted connection.

In connection with other functions, it offers clear statis- tics of the length of chatting.

Main Benefits

Expose employees who spend too much time chatting.

Expose a danger that might be ready to strike.

Expose disloyal employees trying to damage the com- pany.

Obtain evidence against dishonest employees.

The manager in charge finds out how much time em- ployees spend chatting.

1.1.6 Monitoring of Work with Files

An employee accessing any sensitive data is a potential danger for the company. Even if they are authorized to ac- cess the data, they might misuse it. Expose who copies files into different folders, who sends them by e-mail and who uploads them on the Internet. You will have a detailed over- view for every employee of which files they used the most, what they did with them and through which applications they accessed them. You will have evidence against your employees who decide to damage your company.

Key Features

Overview of the most frequently used files

Statistics of applications that access the files the most often.

Record of operations with files: reading, writing, remov- ing, deleting.

Statistics and charts of the most active users (e.g. what kind of file they used the most often).

Main Benefits

Expose actions that endanger sensitive information, e.g. deletion of many files by a disgruntled employee.

Expose employees who misuse their access to sensitive information.

Find out which applications access sensitive data and what they do with it.

1.2 Activity Monitoring

1.2.1 Intelligent Screen Record

Avoid suspicion about whether employees are really work- ing. Show them a record of their actions on their screen and so expose what they really do during their working hours. In the case of suspicion of an employee‘s unwanted activ- ity, the results of Intelligent Screen Record serve as precise proof of what really happened on the screen.

Key Features

Intelligent Record Mode - only in the case if something is happening.

The possibility to set regular intervals of screen record- ing.

The possibility of a backup record playing.

Main Benefits

You will not miss any important activity by an employee.

You will avoid employees‘ excuses – if necessary, you will obtain evidence of real activity.

By means of the intelligent record, you won‘t have to browse piles of identical snapshots.

1.2.2 Key Trapping - KeyLogger

KeyLogger is a foolproof tool that offers you an overview what a user writes on the keyboard. The tool works in the background and its presence is not noticeable to the em- ployee in any way. KeyLogger is used by other Safetica Endpoint Auditor‘s tools.

5

Key Features

It operates reliably in 32bit and also in 64bit architec- ture.

It records text in context with applications to which it was written.

Trouble-free cooperation with other Safetica Endpoint Auditor monitoring tools.

Main Benefits

KeyLogger records text in context with applications to which it was written.

In the case of suspicion, you can obtain evidence against employees who criticize the company.

You will verify employees‘ real activity - what they really

wrote.

1.2.3 Search Monitoring

One of the most frequent activities of employees is brows- ing. However, it is not always a required activity. They might be looking for a new job, they might be searching for sensi- tive files or be interested in subjects that they do not need for work. Safetica offers you a detailed overview of what employees browse within the system and on the Internet.

Key Features

Statistics of individual user browsing

Overviews of searched windows

Lists of searched expressions

Support on all widespread browsers

Heuristic analysis for unknown browsers

The possibility to add unknown browsers

Main Benefits

Expose employees‘ potentially dangerous behavior right from the start.

Find out what your employees are interested in and not only from visited websites.

1.2.4 Monitoring of Printing

Obtain a detailed overview on the use of company print- ers. Find out how many documents were printed by employ- ees, who prints most of them and which protected docu- ments were blocked by Safetica software. Obtain evidence against employees who misuse company printers for per- sonal purposes or who try to print sensitive documents pro- tected by Safetica Endpoint DLP.

Key Features

Statistics of printed and blocked documents

Overview of users who use printers the most often

Detailed information on printing from the employee’s aspect, for example the number of printed pages.

Main Benefits

In cooperation with Safetica Endpoint DLP, avoid print- ing selected sensitive documents.

Obtain a full overview of printer usage at your com- pany.

Find out which employees waste company resources.

In connection with Safetica Endpoint DLP, expose em- ployees who try to print protected documents.

1.3 Intelligent Employee Profiling

1.3.1 Monitoring of Employee

Productivity

This means the end of wading through hundreds and thou- sands of records from monitoring outputs. By means of Safetica software, you will find out faster if your employees are working or only pretending to work. Safetica Endpoint Auditor automatically checks employees‘ productivity and informs the manager whether the employee oversteps set bounds. For example, you can also expose employees who learn how to cheat on their work and do only that much in order that nobody notices their lack of interest. The manag- er responsible doesn’t need to regularly check monitoring outputs to discover an unproductive employee.

Safetica Endpoint Auditor also supports also the principle „enough is as good as a feast“ – a manager who carries out supervision can set what part of working time employ- ees can spend on personal matters or relaxation. The man- ager will be informed immediately of exceeding this time. Safetica Endpoint Auditor delivers to the company manage- ment exactly those answers needed from a monitoring tool:

Do our employees work?

Key Features

Automatic evaluation of employee productivity accord- ing to their activities. Evaluation of employee‘s labor performance according to time spent on websites of selected categories and duration of work with selected applications. Activity setting according to four catego- ries: Productive, nonproductive, critical, neutral.

Main Benefits

The most effective way of supervision with regard to time - a manager is only necessary in the case of an anomaly.

The manager responsible is not harassed by thousands of records but only by problem behavior.

Safetica Endpoint Auditor saves the time of managers who execute supervision fully

In the case of suspicion of undesirable activity, detailed records of monitoring are available.

The person responsible will be immediately warned of

anomalies, for example by e-mail.

1.3.2 Employee Profiling

Your employees‘ behavior can change over time. A promis- ing workaholic becomes an average worker; an average worker becomes an employee who pretends to work and is not interested in it. By means of profiling, you will expose habits and changes in your employees‘ behavior. You can discover temporary fluctuation as well as long-term tenden- cies in their activity.

The manager responsible does not need to wade through tens of thousands of records obtained by monitoring. Safetica Endpoint Auditor processes all obtained data con- tinuously and evaluates changes in employee behavior.

6

Key Features

Detection of anomalies within long-term users‘ behavior

Analysis of employee behavior on the basis of Internet and application activities

Periodic analysis of obtained data

Quick setting thanks to data and application categori- zation

Retrospective view on employee behavior development

Immediate security warning on considerable changes in behavior

The possibility of setting the period of time during which behavior is to be compared.

Main Benefits

You will expose changes in employees‘ behavior within

a long-term timescale.

In the case of critical changes, a security manager is immediately informed, also by e-mail.

Expose employees who have lost their motivation for work.

In the case of suspicion of undesirable activity, detailed

records of monitoring are available.

The authorized manager does not need to read tens of thousands records regularly.

2 Safetica Endpoint Supervisor

2.1 Application Control

2.1.1 Application Blocking

Forbid your employees from starting non-required and harmful applications. They decrease employees‘ produc- tivity and endanger sensitive company information. Gain control on what applications can be started by employees on company computers. By means of reliable blacklisting (blocking of selected applications) eliminate the starting of applications which your employees do not need for work. Applications can be also blocked directly in overviews of Safetica Endpoint Auditor module.

Key Features

Reliable application blocking: Neither change of appli- cation name nor copying of the application to another directory can help employees

Possibility of automatic blocking of a selected category of applications

Different levels of blocking: Absolute, possibility of dif- ferent application starting, possibility of application modification, possibility of application starting

Possibility of immediate merging of a newly blocked application into a category

Matching up of unknown blocked applications from more users for quick evaluation

Main Benefits

Eliminate games and other applications that might dis- tract employees during work.

Concentrate users‘ attention only on applications that they need for work.

You can limit employees‘ time spent for example by chatting via IM programs.

2.1.2 Large Database of Applications

Manual sorting of all used applications is a time-consuming process that you would rather leave to Safetica Endpoint Security. In a short time you can easily sort applications to those which employees need for work and to those which they do not. Thanks to an extensive categorized database of applications, you can easily select comprehensive groups of applications. In the case of an unknown application, Safetica Endpoint Supervisor executes Heuristic analysis and estimates which category the application is intended for.

Key Features

Large and updated database from several sources

Possibility to add own applications to categories.

Main Benefits

• Save the time of the security manager who would have to sort hundreds of
• Save the time of the security manager who would have
to sort hundreds of applications manually.
Endpoint Supervisor
CEO
Assistant
Accountant
Internet
facebook.com
youtube.com
times.com
Applications
Freecell
MS Word
Printing
Office
Hall
Applications Freecell MS Word Printing Office Hall 2.2 Web Control 2.2.1 Blocking of Websites according to

2.2 Web Control

2.2.1 Blocking of Websites according to

Categories and Keywords

Stop employees from browsing entertaining websites and block attempts to visit illegal and harmful websites. Thanks to Safetica Endpoint Supervisor, you can easily determinate which website employees are allowed to visit (whitelisting) and respectively which will be blocked for them (blacklist- ing). You will avoid wasting employees‘ working time or breaking the law by employees‘ participation in illegal ac- tivities.

Safetica Endpoint Auditor also reliably blocks websites which are accessed by means of protected HTTPS port.

Key Features

Whitelisting: Granting permission to access only cer- tain websites (e.g. company IS)

Blacklisting: Prohibiting undesirable categories and in- dividual websites

Possibility to block websites according to keyword oc- currence

Adjustable sensitivity to specific keywords in website content Blocking according to some parameters: URL websites, part of URL

Possibility to block selected websites directly on outputs of the Safetica Endpoint Auditor module

Clear statistics of blocked websites

Main Benefits

You will focus employees‘ attention on their work.

You can eliminate visits to illegal website by whitelisting (child pornography, support of prohibited ideologies, sale of drugs).

You can eliminate visiting websites by means of HTTPS port that many employees use for evading security set- tings.

2.3 Print Control

2.3.1 Blocking Access to Printer

Your employees increase your IT department’s costs by un- necessary printing. Block access to printers for selected employees that you detected with the Safetica Endpoint Auditor module. In connection with it, blocking of printing also delivers detailed information on how many pages were printed by which printer.

Key Features

Authorization and prohibition of printing to specific em- ployees or to complete departments.

Record on refusal of printing to selected employees

Detailed statistics of the number of pages printed and printers used in cooperation with the Safetica Endpoint Auditor module.

7

Benefits

Save a considerable part of costs on company printers operation.

Gain control over who is allowed to print - cut problem- atic employees.

2.3.2 Blocking printing of selected docu- ments in connection with Safetica Endpoint DLP

Safetica Endpoint Supervisor manages to block printing of particular documents in connection with the Safetica Endpoint DLP module. In this way you can avoid physical document leakage. Protect your company against leakage of sensitive information and financial loss and good reputa- tion connected with it. By blocking specific document printing for selected employ- ees or full groups, you will achieve higher security of sensi- tive company information.

Key Features

This function is linked with Safetica Endpoint DLP mod- ule.

Possibility to set rules for selected tagged files.

The authorized manager is immediately informed on who tried to print protected documents and whether they were able to do so.

Main Benefits

You will gain control of the creation of physical copies of sensitive company documents.

Increase security of sensitive information.

documents. • Increase security of sensitive information. 8 3 Safetica Endpoint DLP 3.1 Device control 3.1.1

8

3 Safetica Endpoint DLP

3.1 Device control

3.1.1 Control over USB, IrDa, Bluetooth,

FireWire, serial and parallel ports

Safetica checks access and respectively prohibits the con- nection of peripheral devices connected to the PC. You can protect company computers against installation of un- wanted applications and viruses from devices brought by employees and you will prevent them from taking sensitive information on unauthorized and unsecured devices home. You can, for example, prohibit all USB devices and gradu- ally authorize only devices approved by a manager for spe-

cific employees.

Features

Monitoring of peripheral device connection to compa- ny computers

Blocking of unwanted peripheral devices

Immediate warning in the case of a problem - blocking of a prohibited device

Benefits

You will obtain a detailed overview of the connection of peripheral devices to company computers.

Your employees will not be able to take away sensitive data on flash disks with them.

You will protect company computers against possible viruses from flash disks.

You can comfortably check the connection of peripher- als across the whole company.

The security manager will be immediately informed on any attempt to connect an unauthorized disk.

3.1.2 Detailed Identification of USB

and Bluetooth Devices

For devices connected via USB and Bluetooth interfaces, Safetica Endpoint DLP offers the possibility of more precise setting of access by means of several parameters. Company management can, for example, set only connection of secu- rity USB tokens.

Key Features

Detection of connected USB and Bluetooth devices ac- cording to Vendor ID, Product ID and serial number.

Main Benefits

Obtain a more sensitive tool for administration of autho- rizations for devices connection.

You can set which particular USB and Bluetooth device can be connected to a computer.

You can, for example, easily define a group of working USB disks.

3.2 Data at Rest Protection

3.2.1 Data at Rest Security and Disk Encryption

Do not underestimate your data security. The theft of data carriers or of whole computers is nothing out of the ordi- nary. This is how individuals and whole firms lose financ- es and often also their goodwill. Protect your disks with Safetica software. It creates virtual disks or safely encrypts whole physical disks. Everything is protected by modern

and strong methods of security.

Key Features

Comfortable administration and use of virtual disks.

Possibility to encrypt individual files.

Encryption of physical disks.

Main Benefits

Only an authorized person can get to data saved on a disk.

Neither theft nor loss endanger the security of your data and your company reputation.

Redundant data will be deleted safely and unrecover- ably.

• Neither state offices nor the police can get to data if Endpoint DLP Creation
• Neither state offices nor the police can get to data if
Endpoint DLP
Creation
New data immediately
secured.
Deleting
Transport
Erase redundant
data reliably.
Keep information
safe on the go.
Storage
Usage
All data encrypted
securely.
Prevent illegitimate
data usage.
data encrypted securely. Prevent illegitimate data usage. 9 you do not authorize them. • Encryption itself

9

you do not authorize them.

Encryption itself applies a minimum load on the com- puter.

Safetica Endpoint Security uses only highly safe encryp- tion methods.

Security is executed continuously; your data is protect- ed at all times.

3.2.2 Data Shredder

You cannot remove data safely by common deletion. There are dozens of tools that manage to restore deleted files. Software Safetica brings you the function of a data shred- der that removes deleted files and directories safely without the possibility of restoration. When disposing of old com- pany PCs, you can safely delete whole disks and someone finding them by chance will be unable to access your per- sonal data. Data is safeguarded even after it is deleted.

Key Features Safe and unrecoverable deletion of unwanted sensitive information Planner for repeated starting of the data shredder op- eration

Main Benefits

It will not be possible to restore deleted data in any way at all.

Old company disks from computers can be sold or handed over for disposal without fear - they will not contain any sensitive data.

By planning the data shredder operation, you can en- sure that even in a hurry you will not forget to delete files thoroughly.

Through regular safe deletion, you will obtain more free

space on the clients‘ computers.

3.3 Data in Motion Protection

3.3.1 Encryption of Portable Disks

Protect your data on portable media against eventual theft. The function of a traveling disk makes safeguarding USB disks, flash disks and other portable media possible. Safeguarding portable media does not limit its use on other computers in any way. It is sufficient to connect a portable disk, to input a password and the data is prepared for use.

Key Features

Safe data transfer - the portable disk is protected by encryption such as Blowfish, CAST5, CAST6, MARS, RC5, RC6, Rijndael (AES), Serpent and Twofish.

Encryption of files sent by e-mail as attachments.

Main Benefits

Easy backup of portable disks - by copying one file

Easy use – the Safetica Endpoint Security Tool offers a wizard for creating a portable disk.

3.3.2 The Safest Encryption Algorithms

For safeguarding your sensitive company data, Safetica Endpoint Security software uses the best ciphers currently known. The same encryption methods are used by gov- ernments and international corporations. Their decryption would take billions of years even for well-equipped attack- ers using brute force and current computational possibili- ties. There is no back door to data safeguarded by Safetica software. So the data is accessible to the authorized per- son only. Of course, a sufficiently strong password of good quality is a must.

Key Features

Used encryption methods: Blowfish, CAST5, CAST6, MARS, RC5, RC6, Rijndael (AES), Serpent and Twofish.

Optimization of as small a load as possible during en- crypting and decrypting

Security keys for data restoration

Main Benefits

Only authorized persons have access to your data.

Security of your data is not endangered by imperfect and ruptured ciphers.

You are not exposured to data because of a forgotten password.

There is no back door for the police or state offices.

3.4 Data in Use Protection

3.4.1 DLP Rules

Employees who have legitimate access to data can misuse it: They can handle your data in other ways than their work- ing position requires. They might create copies if they have been fired, send data to competitors via the Internet or print sensitive documents.

By means of DLP rules, you can comfortably set the way how employees can handle files. Whether they can edit them, delete them and where they may write them. The se- curity manager can set rules for individual employees or whole groups. Operations with files that are not authorized will be cancelled and the security manager will be informed about them immediately.

Key Features

Gain control of how employees work with files.

Set the rules for working with files according to their tag- mark.

Guard that data does not leave the safe zone and if necessary automatically encrypt copied data.

Ban access to whole disks, their parts or setting of ac- cess for reading only.

Protection of files in real time - it checks every operation with a protected file.

Detailed records on employees‘ activities with files clearly displayable with Safetica Endpoint Auditor.

Optimized for speed - minimal applied load for client’s station.

Detailed setting of rules up to the level of individual files.

Main Benefits

Gain complete control of what employees might do with company data.

Wide possibilities of setting the access roles, rules for access and allowed operations.

Current employees cannot evade protection nor switch

it

off.

can also check any operation with files within con-

It

nected portable devices.

Blocking of unauthorized operations with files with Safetica Endpoint DLP does not slow down the clients’ computers.

3.4.2 Anti-KeyLogger

Spy programs - keyloggers- can bug passwords and oth- er sensitive data which is inserted by the keyboard. Anti- KeyLogger is a tool that intelligently executes an automatic check of launched applications. If it detects an application that shows the behavior of a keylogger, it finishes it and informs the appropriate security manager. If you use a spe- cific application that behaves as a keylogger, it can be de- tached from the Anti-Keylogger setting and authorized.

Key Features

It detects and eliminates keyloggers.

It operates reliably in 32bit and also in 64bit architec- ture.

It does not use any database of spy applications and

safeguards generally.

Automatic run and monitoring of launched application activity.

Possibility of immediate security warning in the case of

a threat occurrence.

Main Benefits

You can secure company data against bugging if in- serted by employees.

It is not necessary to set anything, administrators and

security managers are not held up.

Anti-KeyLogger protects automatically without the ne- cessity of a manager‘s or employee‘s action.

You will obtain a long-term overview of keylogger oc- curance at your company. You can find out whether anybody is trying to install spy software in mass and intentionally.

You will be informed of any spy application after its elimination.

3.4.3 Intelligent Data Classification

To tag manually all files that have to be protected is a long and nearly impossible process because files with sensitive data are being continuously created, transferred and de- leted. Safetica Endpoint Security offers you a solution to this problem in the form of Intelligent Data Classification. By means of classification rules, you can divide data into groups. Groups of information, but also individual files, are marked by Safetica Endpoint DLP with a unique mark - a tag with which a file can be identified if somebody tries to remove it or change its name.

10

After primary classification it runs further during current op- eration, so that also newly created files are classified and marked with an appropriate tag.

Key Features

Data identification according to name, ending, place- ment, kind of application that created the file and other parameters.

Smooth administration of classification rules by means of the Safetica Management Console

Classification runs over local and shared data.

Other components of Safetica Endpoint Security identify sensitive files according to the tag.

Possibility to extract some files from the classification, e.g. system files.

Immediate reaction of the classification mechanism on changes and transfer of files.

Possibility of rule setting only from the application point of view, for example a ban of access to the Internet.

Possibilities of blocking printing applications, if they ac- cess sensitive information.

It also safeguards applications accessing files in net- work folders.

Main Benefits

Protect sensitive information against modification and replacement by means of various applications.

You can easily enforce a security policy for work with sensitive data.

Ensure that sensitive data influenced by application ac- tivity does not leave a security zone without appropri- ate protection.

3.5 Endpoint Security Tools

3.5.1 Secure Manager of Passwords

Do your employees use many passwords daily? And do they remember all of them or do they simplify them and write them on small pieces of paper and attach them to

Main Benefits

You can classify a huge amount of sensitive data simply, without the necessity of sorting through it manually.

Newly created data is also classified automatically.

Data stays tagged also in the case of a file name the monitor? Such behavior endangers the internal security

of a company. An unauthorized employee or a thief can

Tag-mark is an integral part of a file (extended file enter highly protected systems and sensitive company data

change or in the case of its transfer.

attribute).

thanks to information found.

3.4.4 Control of Behavior and Access of Applications to Data

In the case of unwanted manipulation with data through common applications, the endangering of sensitive compa- ny information can occur: Some applications might upload them on the Internet or send them to unauthorized persons; some might create dozens of copies.

Control of behavior and access to applications gives you control over which application might access guarded sensi- tive files and what they might do with them. The security manager can select individual applications or whole cat- egories of applications and edit rules for working with files on a massive scale.

Safetica Endpoint DLP also guards whether an application tries to replace sensitive data outside a security zone and according to the setting either automatically safeguards the data or prohibits its removal. It is easy, for example, to set that the only website where files can be uploaded is the web interface of your informa- tion system.

Key Features

Gain control of the way by which applications operate with files.

Control of application operations with files: reading, writing, copying, sending to network, printing.

Setting the rules of security policy for working with files.

Safetica Endpoint DLP safeguards data leaving a secu- rity zone.

Possibility to encrypt the output of applications.

11

Safetica Endpoint Security Tools offer your employees a safe file for the safekeeping of passwords, logon data and other confidential information. A single password or security key suffices for access to them. However, the whole database is unreadable without them.

Key Features

Encrypted database of passwords is accessible from Safetica Endpoint Security Tools.

Possibility of password classification into groups and subgroups.

Binding actions (opening a page, launching an appli- cation) to individual records.

Remote distribution of database passwords.

Safe passwords, files, keys and other types of items storage.

Main Benefits

It is enough to remember a single password.

A forgotten password does not deprive your employees of data - they have a security key.

Employees have their passwords clearly and safely ar- ranged at last.

Increase your employees‘ effectiveness - they do not have to rewrite or tediously look for access data, they can copy it safely.

3.5.2 Support of Current Archives Types

Apart from current archives‘ support, Safetica Endpoint Se- curity Tools also offers the possibility of safeguarding an archive with a password. Software Safetica also supports practical self-extracting safeguarded archives. Data can

be easily compressed into an executable file, transferred to another computer and extracted by merely clicking and entering a password. Such usage does not require the in- stallation of Safetica Endpoint Security software to target computers.

Safeguarded DCF archives can also be created in addition to common archives. They are suitable for the transfer of sensitive information and they make use of the same encryp- tion as other Safetica Endpoint Security software modules.

Key Features

Used encryption methods: Blowfish, CAST5, CAST6, MARS, RC5, RC6, Rijndael (AES), Serpent and Twofish

Support of all common archives types

Support of self-extracting SFX archives

Support of safeguarded DCF archives

Main Benefits

Save costs on unnecessary software for data compres- sion, all common archives can be extracted with

Safetica Endpoint Security Tools. Safe data transfer in DCF archive eliminates the possibility of data leakage, e.g. during sending e-mails.

3.5.3 Password Generator

Your employees use simple passwords of the following types: „Password123“ or a password that contains a wife‘s or husband‘s name or the personal identification number of their children. Such passwords are dangerous because they can be easily broken.

Password Generator is the solution to the problem of weak passwords. Shortly, employees gain a password of good quality that meets required rules about the number of attri- butes and difficulty. These passwords can then be saved to the Password Administrator so that they are not forgotten.

Key Features

Easy generation of safe passwords according to rules.

Setting of rules for password generation for the fulfill- ment of company security policy conditions.

Saving a password directly to the secured database of passwords.

Cooperation with other Safetica Endpoint Supervisor modules (safeguarding of disks, file encryption, safe- guarded password database).

Main Benefits

Your employees will not endanger the security of sensi- tive data with passwords of „Passwords 123“ type.

You will enforce good password quality centrally across the whole company.

3.5.4 PC Lock

An employee leaving a computer is an opportunity for data theft. Common locking during a break for lunch with a pass- word is not sufficient and it can be easily broken. In ad-

dition, frequent and repeated password insertion hinders an employee and offers a good chance to an attacker to lip-read a password.

PC lock offers comfortable locking of a workstation in the case of an employee‘s absence. A common USB flash disk then behaves as a key for unlocking the computer. Safetica Endpoint Security identifies an attempt to copy a key, so it is impossible for an attacker to duplicate the key. This function is a part of Safetica Endpoint Security Tools.

Key Features

Security key for computer locking created from a com- mon flash disk.

Integration into Windows system.

Main Benefits

Employees will not waste their time in password inser- tion.

Employees will not transfer passwords mutually and en- danger the security of workstations and data accessible from them.

3.5.5 Security Keys

Security keys are further security elements. They manage to access safeguarded disks or archives for which your employees have forgotten the password. If necessary, they serve as an alternative authentication element for access to files. As with every other important key, it is also necessary to save it in a safe place. Security keys can be used by a manager to access the data that employees are working with.

Key Features

Security keys for encryption and decryption of files

An alternative to password submitting

Security provision against forgotten employee pass- words

Main Benefits

Forgetting an access password is no longer a problem. By means of the security key, you can make encrypted data accessible and select a new password.

Security of data remains preserved - nobody can ac- cess the data without a password or a key.

Thanks to the security key, you obtain another option of data safeguarding. Data is accessible only to the key owner.

3.5.6

Sending of Safeguarded Data by E-

Mail

Ensure that your employees send sensitive data in a real- ly safe way. Data sent by e-mail is easily readable even without special knowledge of computer science. Safetica Endpoint DLP makes automatic encryption of all files con- nected to e-mail messages. Moreover, your employees can protect sent data with a few clicks. Only a recipient who knows the correct password can access the data.

12

Key Features

Sending of safeguarded files via several clicks

Integrated into the context menu of Windows for easier use

Main Benefits

Employees do not need to learn complicated proce- dures of safeguarding and work with new complex software.

Sending of an encrypted file is quicker than a common file‘s attachment to a message.

It solves security problems in the case of a shared e-mail box.

Encrypted attachments are not readable even for mail server administrators or for anybody who is not autho- rized.

Impossibility of unauthorized reading of attachments in

the case of breaking the password to e-mail box.

4 Other

4.1 Regulatory Compliance

Safetica Endpoint Security offers mass administration of set- ting so you can easily reach compliance with the industrial standards, regulations or laws of your country. It is possible that your country’s laws approach the pro- tection of company interests strictly and do not allow the monitoring of employees‘ activities even for a short term. Thanks to Safetica software, you can nevertheless reach the maximum possible protection of your company interests. By means of templates with settings, you can very easily deac- tivate individual components on the top level. You can avoid their unintentional use during routine operation.

Achieving compliance with industrial standards and regu- lations is also very easy with Safetica Endpoint Security software. You can download templates from the product website for setting compliance with the best known stan- dards. Their number keeps increasing.

You can also download documents from the Safetica Endpoint Security website for individual legal and industrial standards, thanks to which you can understand the mean- ing of individual standards and regulations correctly. They also help you to orientate yourself in the problems of your employees‘ privacy protection.

Key Features

Software consists of components that can be individu- ally activated and deactivated.

Easy setting thanks to easy application of setting tem- plates.

Continuously expanding list of templates for specific legal and industrial standards on the product website.

Main Benefits

Avoid problems with laws that, for example, do not al- low some kind of monitoring of employees‘ work.

Combine your employees‘ privacy and the protection of your company‘s interests.

You can easily apply a newly issued standard or a le-

gitimate provision.

4.2 Time Efficient Security

4.2.1 Easy Application of Setting

Templates

Avoid complicated setting of Safetica security software. The software is equipped with templates that you can easily use to apply any required settings for a particular user or a whole group of users. Create your own templates or down- load them from Safetica website. And you can easily reach compliance with local acts or industrial standards.

Key Features

Generic templates with setting

Possibility of own template import/export

Possibility of new template download from the Safetica software website

Main Benefits

Speed up your software installation in the company.

Reach compliance with industrial standards easily.

Protect your company‘s interests fully with regard to em- ployees‘ privacy.

Combine your employees‘ privacy and the protection of your company‘s interests.

You can easily put a newly issued standard or a legiti- mate provision into practice.

4.2.2 Automatic Warnings

Looking for security problems in thousands of records is like looking for a needle in a haystack. Safetica Endpoint Secu- rity comes with a system of immediate security warnings. Thanks to this, the manager responsible will be immediately warned on a selected important event caused by an em- ployee. Most of Safetica software components use automat- ic warnings. The security manager or another authorized manager can set warnings on selected extraordinary situ- ations. In the case of their occurrence, they are informed during logging in to the Safetica Management Console or by e-mail.

Key Features

Automatic warning on the monitored event

Selection from many pre-selected events

Possibility of warning via e-mail message

Many events on which warning can be set

Immediate warning on change of behavior, suspicious activities, forbidden operations, technical tasks that re-

quire an action and other events.

13

Main Benefits

The authorized manager is not overloaded by useless information.

The time needed for checking the correct behavior of employees is minimized.

For warning delivery, the manager does not even need to be logged in to the Safetica Management Console.

4.2.3 Repeated Task Planner

Focus the time of responsible employees on more important work than routine activities. Safetica offers a security plan- ner by which responsible employees can automate regular operations, e.g. destruction of unneeded data, connection of encrypted disks and other activities.

Key Features

Regular destruction of redundant data

Connecting and disconnecting of encrypted disks

Remote planner setting on clients‘ stations

Main Benefits

Responsible employees won‘t waste time with routine tasks.

Eliminate the human factor that might endanger data security by forgetting operation.

4.2.4 Remote Administration

of Clients‘ Stations

Control the security of the whole company from your arm- chair. Ever since its beginning, Safetica software has been designed as a server-client model. Everything, from instal- lation to the detailed setting of security policy on clients‘ stations, can be executed by remote control.

Thanks to a sophisticated system of authorization granting, Safetica software is ready for installation on widespread networks including separate branches. This way, the central administrator can have access to all branches that are ad- ministrated further by local administrators with more strict authorization. Similarly, for example, a security manager of any branch can have under their control only the sector which they supervise.

Key Features

Remote installation and update of clients‘ part by means of MSI packets.

Remote Administration of Clients‘ Stations

Possibility of branch assignment

Hierarchic granting of administration authorization

Delegation of supervision on inferior security managers

Integration with company MS Active Directory

Precise specification of individuals‘ authorizations

Comfortable administration of more servers by means of the Safetica Management Console

Practically unlimited number of users and PCs

Main Benefits Comfortable installation and software administration without the necessity of a physical visit to the clients‘ computers

Branch servers operate separately. One server break- down does not endanger operation of the others.

You can distribute the load among more servers.

Everybody is authorized to access permitted functions or data only. Including administrators and security man- agers.

Possibility of interbranch help by a more experienced administrator or by a security manager.

One security manager can monitor more branches.

4.3 Detailed Control of Access

to Administration and Supervision

By means of the Safetica Management Console, you can set in details or the person who is authorized to access which settings, who can execute supervision over employees and which records are available to them. It is thus possible to split an administrator and security managers into various levels. It is not true that if a manager can access the Safetica Management Console, they can view everything automati- cally.

Key Features

Detailed options of access authorizations for individual users including management and individual levels of administrators.

Possibility to separate authorization for employee moni- toring and software setting.

Main Benefits

You can easily divide the administration of branches of your company.

You can avoid unwanted espionage of employees by unauthorized managers and administrators.

Easy creation of new checking roles, for example, tem- porary administrator, deputy security manager, etc.

4.4 Optimization for Large

Network Installation

Version 4 of Safetica Endpoint Security Software has been developed from the outset for large network installation. It works on server-client architecture and distinguishes itself by a nearly unlimited number of attachable clients. Software Safetica Endpoint Security is delivered for smaller companies without the presence of the Active Directory and MS SQL server in an alternative version that does not re- quire these technologies.

Key Features

Possibility of hierarchic classification of the server com- ponent.

Creation of separately administrated branches.

Detailed administration of managers‘ and administra- tors‘ access rights.

14

Support of terminal users‘ login (more employees on one PC).

Support of users‘ roaming accounts (a worker on more PCs).

Administrator‘s authorization is not required for a separate run of the client‘s component.

Main Benefits

You can distribute the load among more independent servers.

es, you will obtain all required data quickly. Thanks to the well-arranged Safeti- ca Management Console, adminis- trators and security managers save their work by not walking through individual working places.

The manager and the administra- tor have the possibility to adminis- ter more server components at the same time.

• Thanks to data saving into databas- Safetica Endpoint Security architecture Branch office A Branch
• Thanks to data saving into databas-
Safetica Endpoint Security architecture
Branch office A
Branch office B
Branch office C
SEC
Local admin
SMS
SMS
with SMC
SMS
Branch office D
SEC
SMS
Local admin
SEC
SQL
Enterprise
admin with SMC
with SMC
SEC Safetica Endpoint Client
Startup actions
SMC Safetica Management Console
Normal operation
SMS Safetica Management Service
Log monitoring and
management
Safetica Endpoint Security is a software based on a client-server architecture. This architecture consists of
Safetica Endpoint Security is a software based on a client-server architecture. This
architecture consists of a client (Safetica Endpoint Client), a server part (Safetica
Endpoint Service), a database (MS SQL with a large installation, SQLite with a small
installation) and an administrator console (Safetica Management Console).
Within one domain more services can run due to load distribution by means of an
Active Directory tree division. An alternative for a smaller network is also the opti-
on of installation to a network without a domain where this service can run on an
ordinary PC.
The database is used for storing of monitoring settings. It also includes categoriza-
tion database with application categories and web pages. Safetica uses Microsoft
SQL Server platform and SQLite for smaller networks.
Intelligent Employee
Print Control
Profiling
Activity
Application
Monitoring
Internet Usage
Control
Endpoint
Monitoring
Endpoint
Supervisor
Auditor
Web Control
Endpoint
Printer
DLP
Monitoring
Regulatory
Data in Use
Compliance
Protection
Data at Rest
Protection
Data in Motion
Endpoint
Protection
Security Tools
Device Control

License Policy

Safetica Endpoint Security software con- sists of three individually saleable modu- les. It is licensed by the subscription model (per year). The license influences the number of stations which can use the Safetica software at the same time. Each client operating system using the Sa- fetica software needs license (licensed per asset). For extension of a previously purchased license in its validity period there is an extending license.

Regulatory Compliance

Safetica Endpoint Security will help you to meet legislation requirements and indus- trial standards required from your compa- ny. The software can be easily adapted to specific regulations, ordinances and laws. It enables you to protect your com- pany interests in accordance with local legislation and the privacy of your staff.

Easy achievement of conformity with laws and industrial standards.

Activation of product selected com- ponents in accordance with relevant standards.

Preset templates for particular stan-

dards and laws.

Documentation for easy achievement of conformity with standards.

Import and export of templates for quick setting.

Technical requirements

Safetica Endpoint Client

Recommended requirements:

2,4/1,6 GHz one-core/dual-core processor 32-bit (x86) or 64-bit (x64)

1 GB of RAM memory

2 GB of free disk space

Installation on client

Hidden agent (also with GUI)

MS Windows XP SP3, Vista, 7, 32-bit and 64-bit

MSI installation package

Safetica Management Service

Recommended requirements:

2,4 GHz dual-core processor 32-bit (x86) or 64-bit (x64)

2 GB of RAM memory

10 GB of free disk space

Shared or dedicated server, more servers better load balancing availa- bility

MS Windows Server 2003 SP2,

2008, 2008 R2, 32-bit and 64-bit

MS SQL or SQLite for smaller networks

Support for Active Directory or wit- hout AD also

© Copyright 2011 Safetica Technologies s.r.o. All rights reserved. Safetica is a registered trademark of Safetica Technologies s.r.o. All trademarks are the property of their respective owners. Contact your reseller for Safetica Endpoint Security. Safetica Technologies s.r.o. reserves the right to change product specifications or other product information without notice. Prague | Czech Republic | Europe | 15th of April 2011